AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 3/17/2020

1 – Australian Engineers Just Accidentally Solved a 58-Year-Old Quantum Mystery

Nearly 60 years ago, Nobel Prize-winning physicist Nicolaas Bloembergen predicted an exciting new phenomenon called nuclear electric resonance. But no one has been able to demonstrate it in action – until now. Actual evidence of nuclear electric resonance has now been discovered by accident in a lab at the University of New South Wales (UNSW) in Australia, thanks to faulty equipment. The breakthrough gives scientists a new level of control over nuclei, and could seriously speed up the development of quantum computers. Central to the phenomenon is the idea of controlling the spin of individual atoms using electrical rather than magnetic fields. That means more precise and more miniaturised management of nuclei, which could have profound impacts in a variety of fields.


2 – Press freedom group stores censored articles in Minecraft library

A virtual library housing censored articles from around the world has been created within the hugely popular video game Minecraft by press freedom group Reporters Without Borders (RSF). Minecraft, with its signature pixelated graphics, enables players to build entire universes from Lego-like digital blocks, either alone or with others online. RSF said it had put work by banned, exiled or killed journalists in five countries — Egypt, Mexico, Saudi Arabia, Russia and Vietnam — on an open server, making it available for players to view despite local censorship laws. “In these countries, where websites, blogs and free press in general are strictly limited, Minecraft is still accessible by everyone,” the group said in a press release.


3 – Your data was ‘taken without permission’, customers told, after personal info accessed in O2 UK partner’s database

Hackers have slurped biz comms customers’ data from a database run by one of O2’s largest UK partners. In an email sent to its customers, the partner, Aerial Direct, said that an unauthorised third party had been able to access customer data on 26 February through an external backup database, which included personal information on both current and expired subscribers from the last six years. The data accessed included personal information, such as names, dates of birth, business addresses, email address, phone numbers, and product information. The company said no passwords or financial information was taken.


4 – Browser vendor leaks data via open server

A browser vendor leaked user data after it accidentally left an Elasticsearch server exposed on the internet without a password. The leak occurred at Blisk, an Estonian company that develops the eponymously named Blisk browser. The Blisk browser is a Chromium-based offshoot tailored for the web and app development community, and comes with support for enhanced developer tools, device previewing capabilities, and project collaboration tools. Launched in May 2016, the browser has gained a following in the web development market. On its site, Blisk says its browser is used by more than 40,000 companies, including some big names such as HP, Xerox, NASA, Unicef, Deloitte, UEFA, Vice News, and Pandora.


5 – Princess Cruises, hobbled by the coronavirus, admits data breach

Princess Cruises, the cruise liner forced to halt its global operations after two of its ships confirmed on-board outbreaks of the coronavirus, has now confirmed a data breach. The notice posted on its website, believed to have been posted in early March, said the company detected unauthorized access to a number of its email accounts over a four-month period between April and July 2019, some of which contained personal information on its employees, crew and guests. Princess said names, addresses, Social Security numbers and government IDs — such as passport numbers and driver license numbers — may have been accessed, along with financial and health information. But, the cruise liner said, the potentially impacted data is “not specific” to each guest.


6 – Intel’s neuromorphic chip learns to ‘smell’ 10 hazardous chemicals

Of all the senses, scent is a particularly difficult one to teach AI, but that doesn’t stop researchers from trying. Most recently, researchers from Intel and Cornell University trained a neuromorphic chip to learn and recognize the scents of 10 hazardous chemicals. In the future, the tech might enable “electronic noses” and robots to detect weapons, explosives, narcotics and even diseases. Using Intel’s Loihi, a neuromorphic chip, the team designed an algorithm based on the brain’s olfactory circuit. When you take a whiff of something, molecules stimulate olfactory cells in your nose. Those cells send signals to the brain’s olfactory system, which then fires off electrical pulses. The researchers were able to mimic that circuitry in Loihi’s silicon circuits.


7 – Comcast and T-Mobile upgrade everyone to unlimited data for next 60 days

Comcast announced late Friday that it is suspending enforcement of its data cap and overage fees for 60 days during the coronavirus pandemic. “With so many people working and educating from home, we want our customers to access the Internet without thinking about data plans,” Comcast’s announcement said. “While the vast majority of our customers do not come close to using 1TB of data in a month, we are pausing our data plans for 60 days giving all customers unlimited data for no additional charge.” Normally, Comcast charges an extra $50 per month for unlimited data, or $10 for each additional block of 50GB after customers exceed 1TB.


8 – Research Finds Microsoft Edge Has Privacy-Invading Telemetry

While Microsoft Edge shares the same source code as the popular Chrome browser, it offers better privacy control for users. New research, though, indicates that it may have more privacy-invading telemetry than other browsers. According to Microsoft, telemetry refers to the system data that is uploaded by the Telemetry components or browser’s built-in services. Telemetry features aren’t new to Microsoft and the company has been using Telemetry data from Windows 10 to identify issues, analyze and fix problems. Professor Douglas J Leith, Chair of Computer Systems at Trinity College in Ireland, tested six web browsers to determine what data they were sharing. In his research, he pitted Chromium-based Microsoft Edge, Google Chrome, Brave, Russia’s Yandex, Firefox and Apple Safari.


9 – Bill Gates Steps Down From Microsoft’s Board Of Directors

Bill Gates, the co-founder and former CEO of Microsoft, on Friday, announced that he has decided to step down from the company’s board of directors and Berkshire Hathaway to focus more on philanthropy. He, however, will continue to serve as a technology adviser to Microsoft CEO Satya Nadella and other company leaders. For those unaware, Gates runs one of the world’s largest charities, the Bill & Melinda Gates Foundation (BMGF), with his wife Melinda. Launched in 2000, the primary goals of the foundation are, globally, to enhance healthcare and reduce extreme poverty, and, in the U.S., to expand educational opportunities and access to information technology.


10 – The Web’s Bot Containment Unit Needs Your Help

Anyone who’s seen the 1984 hit movie Ghostbusters likely recalls the pivotal scene where a government bureaucrat orders the shutdown of the ghost containment unit, effectively unleashing a pent-up phantom menace on New York City. Now, something similar is in danger of happening in cyberspace: Shadowserver.org, an all-volunteer nonprofit organization that works to help Internet service providers (ISPs) identify and quarantine malware infections and botnets, has lost its longtime primary source of funding.


11 – HHS Says DDoS Attack Failed to Cause Disruption

The U.S. Department of Health and Human Services (HHS) was targeted with a distributed denial-of-service (DDoS) attack on Sunday, but the agency said it did not experience any significant disruption as a result of the incident. “HHS has an IT infrastructure with risk-based security controls continuously monitored in order to detect and address cybersecurity threats and vulnerabilities. On Sunday, we became aware of a significant increase in activity on HHS cyber infrastructure and are fully operational as we actively investigate the matter,” Caitlin Oakley, an HHS spokesperson, told SecurityWeek. “Early on while preparing and responding to COVID-19, HHS put extra protections in place,” Oakley added. “We are coordinating with federal law enforcement and remain vigilant and focused on ensuring the integrity of our IT infrastructure.”


12 – Intel CPUs vulnerable to new ‘Snoop’ attack

Intel processors are vulnerable to a new attack that can leak data from the CPU’s internal memory — also known as the cache. The attack, described as “Snoop-assisted L1 Data Sampling,” or just Snoop (CVE-2020-0550), has been discovered by Pawel Wieczorkiewicz, a software engineer at Amazon Web Services (AWS). Wieczorkiewicz reported the issue to Intel, and after further investigations, the CPU maker concluded that patches released in August 2018 for the Foreshadow (L1TF) vulnerability also apply to this new attack. A list of Intel processors that are vulnerable to Snoop attacks is available here. The list includes Intel series like Core and Xeon processors.


13 – Online coronavirus scams are here, watch out for these red flags

Whenever a public crisis rears its ugly head, hackers and scammers are all too ready to rub their hands together and take advantage of the fear in the air. With the spread of the novel coronavirus, it’s a good idea to be wary of new iterations of the same old malware and phishing attacks — especially if you’re spending more time working from home. A recent release from the US Cybersecurity and Infrastructure Security Agency offers some solid advice on what to watch out for. 


14 – Big BEC Bust Brings Down Dozens

Federal officials have arrested two dozen individuals on charges related to a series of business email compromise (BEC) fraud and money-laundering schemes. The individuals, most of whom live in or around Atlanta, are alleged to have committed fraud against individuals and companies using BEC schemes, romance fraud scams, and retirement account scams, among others. According to a statement released by the Justice Department, those arrested this week join 17 individuals already in federal custody as charged in the series of alleged crimes. The department says that those charged collected more than $30 million from their victims, laundering the money through accounts often opened in victims’ names and used to both defraud the victim and launder the criminal proceeds.

Related Posts